PT-2025-12024 · Dask · Dask

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-10096

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dask versions <=2024.8.2

Description: The issue concerns a vulnerability in the Dask Distributed Server. It allows attackers to craft malicious objects using pickle serialization. These objects can be serialized on the client side and sent to the server for deserialization, potentially leading to remote command execution and granting full control over the Dask server.

Recommendations: For Dask versions <=2024.8.2, consider avoiding the use of pickle serialization until a patch is available. As a temporary workaround, restrict access to the Dask Distributed Server to minimize the risk of exploitation.
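The recommendation above boils down to "do not hand untrusted bytes to pickle". Where pickle cannot be removed outright, the standard defensive pattern from the Python documentation is a pickle.Unpickler subclass whose find_class method only resolves an allowlist of globals, so a payload that references any other module or callable is rejected before the object is built. The example below is added here to illustrate that check; it is not Dask's code and not part of this advisory, and the allowlist SAFE_GLOBALS, the helper names and the sample payloads are constructed assumptions for the demonstration.

```python
import builtins
import collections
import io
import pickle

# Assumption: the receiver only ever needs plain data containers, so the only
# globals an untrusted pickle may reference are these builtins. Primitive
# containers (dict, list, tuple, str, int, ...) are encoded with opcodes and
# never pass through find_class, so they need no entry here.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global reference outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return getattr(builtins, name)
        # Raising here aborts the load before any attacker-chosen callable
        # can be resolved, let alone invoked.
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Deserialize data using the allowlisting unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_load(data: bytes):
    """Return (True, obj) if the payload is accepted, else (False, reason)."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample payloads. The first is plain data; the second pickles a
# harmless collections.OrderedDict, which is still a global reference and so
# must be rejected by the allowlist (pickle.loads would accept it silently).
SAFE_SAMPLE = pickle.dumps({"x": [1, 2, 3], "y": (4.5, "ok"), "z": {1, 2}})
UNLISTED_SAMPLE = pickle.dumps(collections.OrderedDict(a=1))


if __name__ == "__main__":
    print("plain pickle.loads accepts OrderedDict:",
          isinstance(pickle.loads(UNLISTED_SAMPLE), collections.OrderedDict))
    print("restricted, safe payload:", try_restricted_load(SAFE_SAMPLE))
    print("restricted, unlisted global:", try_restricted_load(UNLISTED_SAMPLE))
```

The allowlist is deliberately tiny; widening it to a whole module (for example returning getattr(module, name) for any name) reintroduces the problem, because the attacker picks the name. This guards only the deserialization step; it does not replace the advisory's network-level workaround of restricting who can reach the Dask Distributed Server at all.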

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2024-10096
GHSA-XQGJ-R6XV-9CW4

Affected Products

Dask